Merge branch '2021-07-23-reboot-mode-and-cryptfs-passwd-support'

- A new driver uclass is created to handle the reboot mode control.
- Add support for libcrypt-style passwords for autoboot

10 files changed, 264 insertions, 0 deletions

diff --git a/test/Kconfig b/test/Kconfig
index ab3ac54a1b2..e15ba239eb3 100644
--- a/test/Kconfig
+++ b/test/Kconfig
@@ -38,6 +38,16 @@ config UT_LIB_ASN1
 	  Enables a test which exercises asn1 compiler and decoder function
 	  via various parsers.
 
+config UT_LIB_CRYPT
+	bool "Unit test for crypt-style password hashing"
+	depends on !SPL && AUTOBOOT_KEYED && AUTOBOOT_ENCRYPTION
+	default y
+	select CRYPT_PW
+	select CRYPT_PW_SHA256
+	select CRYPT_PW_SHA512
+	help
+	  Enables a test for the crypt-style password hash functions.
+
 config UT_LIB_RSA
 	bool "Unit test for rsa_verify() function"
 	depends on RSA
diff --git a/test/Makefile b/test/Makefile
index 117839e5847..b3b2902e2e7 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -22,6 +22,7 @@ obj-$(CONFIG_UT_TIME) += time_ut.o
 obj-y += ut.o
 
 ifeq ($(CONFIG_SPL_BUILD),)
+obj-$(CONFIG_UNIT_TEST) += common/
 obj-$(CONFIG_UNIT_TEST) += lib/
 obj-y += log/
 obj-$(CONFIG_$(SPL_)UT_UNICODE) += unicode_ut.o
diff --git a/test/cmd_ut.c b/test/cmd_ut.c
index 6f174c6a07f..90b260f72d6 100644
--- a/test/cmd_ut.c
+++ b/test/cmd_ut.c
@@ -28,6 +28,7 @@ int cmd_ut_category(const char *name, const char *prefix,
 
 static struct cmd_tbl cmd_ut_sub[] = {
 	U_BOOT_CMD_MKENT(all, CONFIG_SYS_MAXARGS, 1, do_ut_all, "", ""),
+	U_BOOT_CMD_MKENT(common, CONFIG_SYS_MAXARGS, 1, do_ut_common, "", ""),
 #if defined(CONFIG_UT_DM)
 	U_BOOT_CMD_MKENT(dm, CONFIG_SYS_MAXARGS, 1, do_ut_dm, "", ""),
 #endif
diff --git a/test/common/Makefile b/test/common/Makefile
new file mode 100644
index 00000000000..24c9145dccc
--- /dev/null
+++ b/test/common/Makefile
@@ -0,0 +1,3 @@
+# SPDX-License-Identifier: GPL-2.0+
+obj-y += cmd_ut_common.o
+obj-$(CONFIG_AUTOBOOT) += test_autoboot.o
diff --git a/test/common/cmd_ut_common.c b/test/common/cmd_ut_common.c
new file mode 100644
index 00000000000..2c0267801b2
--- /dev/null
+++ b/test/common/cmd_ut_common.c
@@ -0,0 +1,22 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (c) 2019 Heinrich Schuchardt <xypron.glpk@gmx.de>
+ * Copyright (c) 2021 Steffen Jaeckel <jaeckel-floss@eyet-services.de>
+ *
+ * Unit tests for common functions
+ */
+
+#include <common.h>
+#include <command.h>
+#include <test/common.h>
+#include <test/suites.h>
+#include <test/ut.h>
+
+int do_ut_common(struct cmd_tbl *cmdtp, int flag, int argc, char *const argv[])
+{
+	struct unit_test *tests = UNIT_TEST_SUITE_START(common_test);
+	const int n_ents = UNIT_TEST_SUITE_COUNT(common_test);
+
+	return cmd_ut_category("common", "common_test_", tests, n_ents, argc,
+			       argv);
+}
diff --git a/test/common/test_autoboot.c b/test/common/test_autoboot.c
new file mode 100644
index 00000000000..6564ac70496
--- /dev/null
+++ b/test/common/test_autoboot.c
@@ -0,0 +1,90 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (c) 2021 Steffen Jaeckel
+ *
+ * Unit tests for autoboot functionality
+ */
+
+#include <autoboot.h>
+#include <common.h>
+#include <test/common.h>
+#include <test/test.h>
+#include <test/ut.h>
+
+#include <crypt.h>
+
+static int check_for_input(struct unit_test_state *uts, const char *in,
+			   bool correct)
+{
+	/* The bootdelay is set to 1 second in test_autoboot() */
+	const char *autoboot_prompt =
+		"Enter password \"a\" in 1 seconds to stop autoboot";
+
+	console_record_reset_enable();
+	console_in_puts(in);
+	autoboot_command("echo Autoboot password unlock not successful");
+	ut_assert_nextline(autoboot_prompt);
+	if (!correct)
+		ut_assert_nextline("Autoboot password unlock not successful");
+	ut_assert_console_end();
+	return 0;
+}
+
+/**
+ * test_autoboot() - unit test for autoboot
+ *
+ * @uts:	unit test state
+ * Return:	0 = success, 1 = failure
+ */
+static int test_autoboot(struct unit_test_state *uts)
+{
+	/* make sure that the bootdelay is set to something,
+	 * otherwise the called functions will time out
+	 */
+	ut_assertok(env_set("bootdelay", "1"));
+	bootdelay_process();
+
+	/* unset all relevant environment variables */
+	env_set("bootstopusesha256", NULL);
+	env_set("bootstopkeycrypt", NULL);
+	env_set("bootstopkeysha256", NULL);
+
+	if (IS_ENABLED(CONFIG_CRYPT_PW_SHA256)) {
+		/* test the default password from CONFIG_AUTOBOOT_STOP_STR_CRYPT */
+		ut_assertok(check_for_input(uts, "a\n", true));
+		/* test a password from the `bootstopkeycrypt` environment variable */
+		ut_assertok(env_set(
+			"bootstopkeycrypt",
+			"$5$rounds=640000$ycgRgpnRq4lmu.eb$aZ6YJWdklvyLML13w7mEHMHJnJOux6aptnp6VlsR5a9"));
+
+		ut_assertok(check_for_input(uts, "test\n", true));
+
+		/* verify that the `bootstopusesha256` variable is treated correctly */
+		ut_assertok(env_set("bootstopusesha256", "false"));
+		ut_assertok(check_for_input(uts, "test\n", true));
+	}
+
+	if (IS_ENABLED(CONFIG_AUTOBOOT_ENCRYPTION)) {
+		/* test the `bootstopusesha256` and `bootstopkeysha256` features */
+		ut_assertok(env_set("bootstopusesha256", "true"));
+		ut_assertok(env_set(
+			"bootstopkeysha256",
+			"edeaaff3f1774ad2888673770c6d64097e391bc362d7d6fb34982ddf0efd18cb"));
+
+		ut_assertok(check_for_input(uts, "abc\n", true));
+
+		ut_assertok(env_set(
+			"bootstopkeysha256",
+			"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"));
+
+		ut_assertok(check_for_input(uts, "abc", true));
+
+		ut_assertok(check_for_input(uts, "abc\n", true));
+
+		ut_assertok(check_for_input(uts, "abd", false));
+	}
+
+	return CMD_RET_SUCCESS;
+}
+
+COMMON_TEST(test_autoboot, 0);
diff --git a/test/dm/Makefile b/test/dm/Makefile
index 9ef9171a1cb..d5c42e7643e 100644
--- a/test/dm/Makefile
+++ b/test/dm/Makefile
@@ -27,6 +27,7 @@ obj-$(CONFIG_AXI) += axi.o
 obj-$(CONFIG_BLK) += blk.o
 obj-$(CONFIG_BUTTON) += button.o
 obj-$(CONFIG_DM_BOOTCOUNT) += bootcount.o
+obj-$(CONFIG_DM_REBOOT_MODE) += reboot-mode.o
 obj-$(CONFIG_CLK) += clk.o clk_ccf.o
 obj-$(CONFIG_CPU) += cpu.o
 obj-$(CONFIG_CROS_EC) += cros_ec.o
diff --git a/test/dm/reboot-mode.c b/test/dm/reboot-mode.c
new file mode 100644
index 00000000000..fbb9c3a5426
--- /dev/null
+++ b/test/dm/reboot-mode.c
@@ -0,0 +1,71 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * (C) 2018 Theobroma Systems Design und Consulting GmbH
+ */
+
+#include <common.h>
+#include <dm.h>
+#include <reboot-mode/reboot-mode.h>
+#include <env.h>
+#include <log.h>
+#include <asm/gpio.h>
+#include <asm/rtc.h>
+#include <asm/test.h>
+#include <dm/test.h>
+#include <test/test.h>
+#include <test/ut.h>
+#include <rtc.h>
+#include <linux/byteorder/generic.h>
+
+static int dm_test_reboot_mode_gpio(struct unit_test_state *uts)
+{
+	struct udevice *gpio_dev;
+	struct udevice *rm_dev;
+	int gpio0_offset = 0;
+	int gpio1_offset = 1;
+
+	uclass_get_device_by_name(UCLASS_GPIO, "pinmux-gpios", &gpio_dev);
+
+	/* Prepare the GPIOs for "download" mode */
+	sandbox_gpio_set_direction(gpio_dev, gpio0_offset, 0);
+	sandbox_gpio_set_direction(gpio_dev, gpio1_offset, 0);
+	sandbox_gpio_set_value(gpio_dev, gpio0_offset, 1);
+	sandbox_gpio_set_value(gpio_dev, gpio1_offset, 1);
+
+	ut_assertok(uclass_get_device_by_name(UCLASS_REBOOT_MODE,
+					      "reboot-mode0", &rm_dev));
+	ut_assertok(dm_reboot_mode_update(rm_dev));
+
+	ut_asserteq_str("download", env_get("bootstatus"));
+
+	return 0;
+}
+
+DM_TEST(dm_test_reboot_mode_gpio,
+	UT_TESTF_PROBE_TEST | UT_TESTF_SCAN_FDT | UT_TESTF_FLAT_TREE);
+
+static int dm_test_reboot_mode_rtc(struct unit_test_state *uts)
+{
+	struct udevice *rtc_dev;
+	struct udevice *rm_dev;
+	u32 read_val;
+	u32 test_magic_val = cpu_to_be32(0x21969147);
+
+	uclass_get_device_by_name(UCLASS_RTC, "rtc@43",
+				  &rtc_dev);
+	dm_rtc_write(rtc_dev, REG_AUX0, (u8 *)&test_magic_val, 4);
+
+	ut_assertok(uclass_get_device_by_name(UCLASS_REBOOT_MODE,
+					      "reboot-mode@14", &rm_dev));
+	ut_assertok(dm_reboot_mode_update(rm_dev));
+
+	ut_asserteq_str("test", env_get("bootstatus"));
+
+	dm_rtc_read(rtc_dev, REG_AUX0, (u8 *)&read_val, 4);
+	ut_asserteq(read_val, 0);
+
+	return 0;
+}
+
+DM_TEST(dm_test_reboot_mode_rtc,
+	UT_TESTF_PROBE_TEST | UT_TESTF_SCAN_FDT | UT_TESTF_FLAT_TREE);
diff --git a/test/lib/Makefile b/test/lib/Makefile
index aa2e66bc7f4..6fd05142510 100644
--- a/test/lib/Makefile
+++ b/test/lib/Makefile
@@ -17,3 +17,4 @@ obj-$(CONFIG_UT_LIB_ASN1) += asn1.o
 obj-$(CONFIG_UT_LIB_RSA) += rsa.o
 obj-$(CONFIG_AES) += test_aes.o
 obj-$(CONFIG_GETOPT) += getopt.o
+obj-$(CONFIG_UT_LIB_CRYPT) += test_crypt.o
diff --git a/test/lib/test_crypt.c b/test/lib/test_crypt.c
new file mode 100644
index 00000000000..fb21edf9748
--- /dev/null
+++ b/test/lib/test_crypt.c
@@ -0,0 +1,64 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (c) 2021 Steffen Jaeckel
+ *
+ * Unit test for crypt-style password hashing
+ */
+
+#include <common.h>
+#include <test/lib.h>
+#include <test/test.h>
+#include <test/ut.h>
+
+#include <crypt.h>
+
+/**
+ * lib_crypt() - unit test for crypt-style password hashing
+ *
+ * @uts:	unit test state
+ * Return:	0 = success, 1 = failure
+ */
+static int lib_crypt(struct unit_test_state *uts)
+{
+	int equals = 0;
+	int err;
+
+	err = crypt_compare("", "password", &equals);
+	ut_assertf(err != 0, "crypt_compare successful but should not\n");
+	ut_assertf(equals != 1,
+		   "crypt_compare password hash matched but should not\n");
+
+	if (IS_ENABLED(CONFIG_CRYPT_PW_SHA256)) {
+		err = crypt_compare("$5$", "password", &equals);
+		ut_assertf(err == 0, "crypt-sha256 not successful\n");
+		ut_assertf(
+			equals != 1,
+			"crypt-sha256 password hash matched but should not\n");
+
+		err = crypt_compare(
+			"$5$rounds=640000$TM4lL4zXDG7F4aRX$JM7a9wmvodnA0WasjTztj6mxg.KVuk6doQ/eBhdcapB",
+			"password", &equals);
+		ut_assertf(err == 0, "crypt-sha256 failed: %d\n", err);
+		ut_assertf(equals == 1,
+			   "crypt-sha256 password hash didn't match\n");
+	}
+	equals = 0;
+	if (IS_ENABLED(CONFIG_CRYPT_PW_SHA512)) {
+		err = crypt_compare("$6$", "password", &equals);
+		ut_assertf(err == 0, "crypt-sha512 not successful\n");
+		ut_assertf(
+			equals != 1,
+			"crypt-sha512 password hash matched but should not\n");
+
+		err = crypt_compare(
+			"$6$rounds=640000$fCTP1F0N5JLq2eND$z5EzK5KZJA9JnOaj5d1Gg/2v6VqFOQJ3bVekWuCPauabutBt/8qzV1exJnytUyhbq3H0bSBXtodwNbtGEi/Tm/",
+			"password", &equals);
+		ut_assertf(err == 0, "crypt-sha512 failed: %d\n", err);
+		ut_assertf(equals == 1,
+			   "crypt-sha512 password hash didn't match\n");
+	}
+
+	return CMD_RET_SUCCESS;
+}
+
+LIB_TEST(lib_crypt, 0);